Privacy

Spill Center, Inc. complies with the EU-U.S. Privacy Shield Framework as set forth by the

U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Spill Center, Inc. has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Spill Center, Inc.

EU-U.S. Privacy Shield: Consumer Privacy Policy

Last Updated: May 18, 2017

Spill Center, Inc. (“Spill Center”) respects your concerns about privacy. Spill Center participates in the EU-U.S. Privacy Shield (“Privacy Shield”) framework issued by the U.S. Department of Commerce. Spill Center commits to comply with the Privacy Shield Principles with respect to Consumer Personal Data the company receives from the EU in reliance on the Privacy Shield. This Policy describes how Spill Center implements the Privacy Shield Principles for Consumer Personal Data.

For purposes of this Policy:

“Consumer” means any natural person who is located in the EU, but excludes any individual acting in his or her capacity as an Employee.

“Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

“Customer” means any entity that purchases or otherwise obtains products or services from Spill Center.

“Employee” means any current, former or prospective employee of Spill Center, or any of its European affiliates, who is located in the Spill Center.

“EU” means the European Union and Iceland, Liechtenstein and Norway.

“Personal Data” means any information, including Sensitive Data, that is (i) about an identified or identifiable individual, (ii) received by Spill Center in the U.S. from the EU, and (iii) recorded in any form.

“Privacy Shield Principles” means the Principles and Supplemental Principles of the Privacy Shield.

“Processor” means any natural or legal person, public authority, agency or other body that processes Personal Data on behalf of a Controller.

“Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

Spill Center’s EU-U.S. Privacy Shield certification can be found at https://www.privacyshield.gov/. For more information about Spill Center’s processing of Personal Data obtained from Consumers on its website, please visit Spill Center’s Online Privacy Policy.

Types of Personal Data Spill Center Collects

Spill Center collects Personal Data directly from Consumers. This collection occurs, for example, when a Consumer visits Spill Center’s website and provides Personal Data to Spill Center. Click here for information on the types of Personal Data Spill Center receives through its website. In addition, Spill Center obtains Consumer Personal Data, such as contact information, in connection with maintaining its Customer relationships and providing its products and services to Customers. Spill Center also obtains Personal Data, such as contact information, of its vendors’ representatives. Spill Center uses this information to manage its relationships with its vendors.

Notice

Spill Center provides information in this Policy and the company’s online privacy policy at http://Spill Center.com/privacy and about its Consumer Personal Data practices, including the types of Personal Data Spill Center collects, the types of third parties to which Spill Center discloses the Personal Data and the purposes for doing so, the rights and choices Consumers have for limiting the use and disclosure of their Personal Data, and how to contact Spill Center about its practices concerning Personal Data.

Choice

When Spill Center collects Personal Data directly from Consumers, the company generally offers those Consumers the opportunity to choose whether their Personal Data may be (i) disclosed to third- party Controllers, or (ii) used for a purpose that is materially different from the purposes for which the information was originally collected or subsequently authorized by the relevant Consumer. To the extent required by the Privacy Shield Principles, Spill Center obtains opt-in consent for certain uses and disclosures of Sensitive Data. Consumers may contact Spill Center as indicated below regarding the company’s use or disclosure of their Personal Data. Unless Spill Center offers Consumers an appropriate choice, the company uses Personal Data only for purposes that are materially the same as those indicated in this Policy or Spill Center’s online privacy policy at http://Spill Center.com/privacy.

Spill Center shares Consumer Personal Data with its affiliates and subsidiaries. Spill Center may disclose Consumer Personal Data without offering an opportunity to opt out, and may be required to disclose the Personal Data, (i) to third-party Processors the company has retained to perform services on its behalf and pursuant to its instructions, (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements. Spill Center also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

Accountability for Onward Transfer of Personal Data

To the extent Spill Center acts as a Controller, except as permitted or required by applicable law, Spill Center provides Consumers with an opportunity to opt out of sharing their Personal Data with third- party Controllers. Spill Center requires third-party Controllers to whom it discloses Consumer Personal Data to contractually agree to (i) only process the Personal Data for limited and specified purposes consistent with the consent provided by the relevant Consumer, (ii) provide the same level of protection for Personal Data as is required by the Privacy Shield Principles, and (iii) notify Spill Center and cease processing Personal Data (or take other reasonable and appropriate remedial steps) if the third-party Controller determines that it cannot meet its obligation to provide the same level of protection for Personal Data as is required by the Privacy Shield Principles.

With respect to transfers of Consumer Personal Data to third-party Processors, Spill Center (i) enters into a contract with each relevant Processor, (ii) transfers Personal Data to each such Processor only for limited and specified purposes, (iii) ascertains that the Processor is obligated to provide the Personal Data with at least the same level of privacy protection as is required by the Privacy Shield Principles, (iv) takes reasonable and appropriate steps to ensure that the Processor effectively processes the Personal Data in a manner consistent with Spill Center’s obligations under the Privacy Shield Principles, (v) requires the Processor to notify Spill Center if the Processor determines that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles, (vi) upon notice, including under (v) above, takes reasonable and appropriate steps to stop and remediate unauthorized processing of the Personal Data by the Processor, and (vii) provides a summary or representative copy of the relevant privacy provisions of the Processor contract to the Department of Commerce, upon request. Spill Center remains liable under the Privacy Shield Principles if the company’s third-party Processor onward transfer recipients process relevant Personal Data in a manner inconsistent with the Privacy Shield Principles, unless Spill Center proves that it is not responsible for the event giving rise to the damage.

Security

Spill Center takes reasonable and appropriate measures to protect Consumer Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the Personal Data.

Our Collection and Use of Your Personal Information

We use the information we collect when you log on and visit different sections of our site to help make our site, products and services more useful to you. The types of information we may collect, retain and use include the following:

Site Use Information

Information such as your IP address, Browser type, navigation pattern, cookies, and referring site may be implicitly collected automatically as you use this site. Spill Center uses this information, in conjunction with information from other sources, to enhance your experience on our Website and as research for offering services that we think will better meet your needs. If you do not wish to have such personal information collected, Spill Center requests you do not complete any forms on this site that request personal information, and that you refrain from browsing the site.

Information You Provide to Us

You may visit portions of this Site without providing any information about yourself and without registering on our Site. If you wish to view our blog, subscribe to our newsletter or submit a request for additional information about our company we collect information from you (“Personally Identifying Information”). You will be asked to provide, for instance, your first and last name, business affiliation, email address, street address, telephone number, and fax number. We may also ask you to provide other optional information, such as how you heard about us or areas of particular interest. Your Personally Identifying Information is stored on our servers or other databases which are password protected or accessible to a limited number of authorized staff. If you send us an email, we will retain your email address after we send our response.

We may use your Personally Identifying Information to respond to your inquiries, to process transactions requested by you, to contact you in connection with products or services which may be of interest to you, to send you newsletters or additional offers, to allow you to access your information or for other purposes. If we send you offers or information about other companies, we do not share your information with the company providing the offer.

Child Privacy

Because of the nature of our business, our products and services are not designed to appeal to minors, and therefore we do not knowingly attempt to solicit or receive any information from children.

Disclosing Information to Third Parties

We do not share, rent or sell Personally Identifying Information to any other company, person or agency. We do not disclose Personally Identifying Information to other companies or persons for commercial or direct marketing purposes.

We may disclose Personally Identifying Information (1) if you request or authorize it; (2) to complete a request or transaction for you; (3) in response to a subpoena, court order or a specific request by a law enforcement agency, or otherwise as required by law; (4) to enforce our Terms of Use or other agreements or to protect our rights, property or safety or the rights, property or safety of our users or others (e.g. to a consumer reporting agency for fraud protection, etc.); (5) if the disclosure is done as a part of a purchase, transfer or sale of our services or our assets (e.g., in the event that substantially all of our assets are acquired by another party, Personally Identifying Information about our Site users may be one of the transferred assets); (6) to our agents, outside vendors or service providers to perform functions on our behalf (e.g., analyzing data, providing marketing or mailing assistance, customer service, etc.); or (7) to others as described in this Privacy Statement.

Inapplicability of Privacy Policies of any Linked Sites or Other Parties

Our Site may have links to other websites. We do not exercise control over any information you give to any other entity, even if that information was provided after linking to the entity requesting the information from our Site. We are not responsible for the privacy practices of any third parties or the content of linked sites, although we do encourage you to read the applicable privacy policies and terms and conditions of such parties or web sites.

Notices and Changes to Our Privacy Policy

As our business changes, this Privacy Statement is expected to change from time to time, and we reserve the right to change the Privacy Statement at any time. The use of your information is subject to the Privacy Statement in effect at the time of use. The provisions contained herein supersede all previous notices or statements regarding our privacy practices with respect to this Site. We include the effective date of our Privacy Statement at the top of the statement. We encourage you to check our Site frequently to see the current Privacy Statement in effect and any changes that may have been made to it. If we make material changes to this Statement we will post the revised Statement and the revised effective date on this Site.

Data Transfer

We may transfer the personal information we collect about you to recipients in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.) we will protect that information as described in this Privacy Policy.

If you are located in the European Economic Area (“EEA”), we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA. With respect to transfers of personal information to the U.S., 3E is certified under the EU-U.S. Privacy Shield framework developed by the U.S. Department of Commerce and the European Commission regarding the transfer of personal information from the EEA to the U.S. Click here to view our EU-U.S. Privacy Shield Privacy Policy.

Your Access to Your Information

If you have provided information and wish in the future to update or change your information, or if you wish that we stop using this information, you can email us at info@spillcenter.com and we will update or delete your information or, at your request, remove you from our email distribution list. You may unsubscribe to our newsletter service by clicking “unsubscribe” at the bottom of the newsletter or you can follow the link on the newsletter to update your preferences. Alternatively, you may, at any time, direct us to change your information by submitting corrected information to us by mail at the address below. Please be aware that we will remove your information but that it may take up to 30 days to process your request.

If you are located in the European Economic Area (“EEA”) or Switzerland, you may direct us not to share your personal information with third parties, except (i) with service providers we have retained to perform services on our behalf, (ii) in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation), (iii) if disclosure is required by law or legal process, (iv) with law enforcement authorities or other government officials, or (v) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraud or other illegal activity. If you are located in the EEA or Switzerland, we use your personal information only for the purposes indicated in this Online Privacy Notice unless we have a legal basis, such as consent, to use it for other purposes. Where required by law, 3E obtains your prior opt-in consent at the time of collection for the processing of (i) personal information for marketing purposes and (ii) personal information deemed sensitive pursuant to applicable law.

Questions Regarding This Privacy Policy

If you have any questions about our Privacy Policy, or any concern about privacy at Spill Center, please contact us at info@spillcenter.com or by mail at:
Spill Center
1 Cabot Rd., Suite 200
Hudson, MA 01749

By using this Site, you are agreeing to the terms and conditions of this Privacy Statement. IF YOU DO NOT AGREE WITH THIS PRIVACY STATEMENT, DO NOT USE THIS SITE. We reserve the right at our discretion to change, modify, add, or remove portions of this Statement at any time.

Data Integrity and Purpose Limitation

Spill Center limits the Consumer Personal Data it processes to that which is relevant for the purposes of the particular processing. Spill Center does not process Consumer Personal Data in ways that are incompatible with the purposes for which the information was collected or subsequently authorized by the relevant Consumer. In addition, to the extent necessary for these purposes and consistent with its role as a Controller or Processor, Spill Center takes reasonable steps to ensure that the Personal Data the company processes is (i) reliable for its intended use, and (ii) accurate, complete and current. In this regard, Spill Center relies on its Consumers and Customers to update and correct the relevant Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized. Consumers (and Customers, as appropriate) may contact Spill Center as indicated below to request that Spill Center update or correct relevant Personal Data.

Subject to applicable law, Spill Center retains Consumer Personal Data in a form that identifies or renders identifiable the relevant Consumer only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Consumer or Customer, as appropriate.

Access

Consumers generally have the right to access their Personal Data. Accordingly, to the extent Spill Center acts as a Controller, where appropriate, Spill Center provides Consumers with reasonable access to the Personal Data Spill Center maintains about them. Spill Center also provides a reasonable opportunity for those Consumers to correct, amend or delete the information where it is inaccurate or has been processed in violation of the Privacy Shield Principles, as appropriate. Spill Center may limit or deny access to Personal Data where the burden or expense of providing access would be disproportionate to the risks to the Consumer’s privacy in the case in question, or where the rights of persons other than the Consumer would be violated. Consumers may request access to their Personal Data by contacting Spill Center as indicated below.

Recourse, Enforcement and Liability

Spill Center has mechanisms in place deigned to help assure compliance with the Privacy Shield Principles. Spill Center conducts an annual self-assessment of its Consumer Personal Data practices to verify that the attestations and assertions the company makes about its Privacy Shield privacy practices are true and that the company’s privacy practices have been implemented as represented and in accordance with the Privacy Shield Principles.

Consumers may file a complaint concerning Spill Center’s processing of their Personal Data. Spill Center will take steps to remedy issues arising out of its alleged failure to comply with the Privacy Shield Principles. Consumers may contact Spill Center as specified below about complaints regarding the company’s Consumer Personal Data practices.

If a Consumer’s complaint cannot be resolved through Spill Center’s internal processes, Spill Center will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website at https://www.jamsadr.com/eu-us-privacy-shield. JAMS mediation may be commenced as provided for in the relevant JAMS rules. Following the dispute resolution process, JAMS or the Consumer may refer the matter to the U.S. Federal Trade Commission, which has Privacy Shield investigatory and enforcement powers over Spill Center. Under certain circumstances, Consumers also may be able to invoke binding arbitration to address complaints about Spill Center’s compliance with the Privacy Shield Principles.

How to Contact Spill Center

To contact Spill Center with questions or concerns about this Policy or Spill Center’s Consumer Personal Data practices: